Security is of prime importance when deciding whether to invest in a technology, especially when that technology has implications for infrastructure and workflow. Docker containers are mostly secure, and since Docker doesn't interfere with other systems, you can use additional security measures to harden security around the docker daemon. It is better to run the docker daemon on a dedicated host and run other services as containers (except services such as cron, and so on).
In this section, we will discuss the kernel features used in Docker that are pertinent to security. We will also consider the docker daemon itself as a possible attack vector.
Image credit http://xkcd.com/424/
Namespaces provide sandboxing ...